Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
853dc267 by Salvatore Bonaccorso at 2018-10-08T14:56:25Z
Add new tinc issues (CVE-2018-16758, CVE-2018-16738 and CVE-2018-16737)
Check the notes for determining which of the two CVE-2018-16738 or
CVE-2018-16737 does apply for the respective suite.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2915,6 +2915,8 @@ CVE-2018-16759 (The removeXSS function in
App/Common/common.php (called from ...
NOT-FOR-US: EasyCMS
CVE-2018-16758
RESERVED
+ - tinc 1.0.35-1
+ NOTE:
http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f
CVE-2018-16757
RESERVED
CVE-2018-16756
@@ -2978,8 +2980,15 @@ CVE-2018-16739
RESERVED
CVE-2018-16738
RESERVED
+ - tinc 1.0.35-1
+ [jessie] - tinc <not-affected> (Only affects 1.0.30 to 1.0.34)
+ NOTE:
http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
+ NOTE: This CVE is specific for tinc versions which did had mitigations
put
+ NOTE: in place for the Sweet32 attack in tinc 1.0.30.
CVE-2018-16737
RESERVED
+ - tinc 1.0.31-1
+ NOTE:
http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
CVE-2018-16736 (In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via
the ...)
NOT-FOR-US: rcfilters plugin for Roundcube
CVE-2018-16735
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/853dc267745a1afc4e9bc2ac13a70404c917349a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/853dc267745a1afc4e9bc2ac13a70404c917349a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
